Date: Sat, 11 Nov 2006 11:27:19 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: Josh Carroll <josh.carroll@psualum.com> Cc: questions@freebsd.org Subject: Re: Is the vulnerability database up to date? Message-ID: <4555A587.8040402@locolomo.org> In-Reply-To: <8cb6106e0611101416q42b236d3k5ce81c4261455ec1@mail.gmail.com> References: <4554E2BF.2090000@locolomo.org> <8cb6106e0611101416q42b236d3k5ce81c4261455ec1@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Josh Carroll wrote: >> So - what's the point? I mean updating the port to a newer port with the >> same or newer known vulnerabilities? > > # portaudit > 0 problem(s) in your installed packages found. > # pkg_info| grep firefox > firefox-2.0_2,1 Web browser based on the browser portion of Mozilla > > Seems ok to me. Which version of firefox is in your ports tree, and > have you run portaudit -F lately? This is weird. When I wrote yesterday I had updated ports and the vuln database just before that. Now I just did # pkg_info |grep firefox which gave TWO matches, one was 2.0_r2,1 which I have previously built with disabling vuln, later I upgraded to 2.0_1,1. For some reason the 2.0_2r,1 had not been deleted completely I guess, and after deleting it with pkg_delete, there are no longer any warnings. But it still beats me why this should affect building the newer version, building for the 2.0_2,1 version yesterday terminated with a list of vulnerabilities. How is this check run for new builds? Thanks, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4555A587.8040402>